Disable Nagle on Linux and TLS cut through support

net/third_party/nss/ssl/ssl3con.c

Index: net/third_party/nss/ssl/ssl3con.c
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 545e51eaada705078cd5f122701b76daf9598570..dd1ac733d7a4272274f89f82863d52e03e3678dd 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -5657,7 +5657,15 @@ ssl3_RestartHandshakeAfterCertReq(sslSocket *         ss,
     return rv;
 }
 
-
+PRBool
+ssl3_CanFalseStart(sslSocket *ss) {
+    return ss->opt.enableFalseStart &&
+	   !ss->sec.isServer &&
+	   !ss->ssl3.hs.isResuming &&
+	   ss->ssl3.cwSpec &&
+	   ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 &&
+	   ss->ssl3.hs.kea_def->exchKeyType == kt_rsa;

[wtc, 2010/02/20 00:39:51]

I believe you should compare this with ssl_kea_rsa.  See

http://mxr.mozilla.org/security/source/security/nss/lib/ssl/sslimpl.h#666
http://mxr.mozilla.org/security/source/security/nss/lib/ssl/sslimpl.h#72
http://mxr.mozilla.org/security/source/security/nss/lib/ssl/sslt.h#70

See also
http://mxr.mozilla.org/security/source/security/nss/lib/ssl/sslt.h#80
which says kt_rsa is for backward compatibility.

+}
 
 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
  * ssl3 Server Hello Done message.
@@ -5735,6 +5743,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss)
 	ss->ssl3.hs.ws = wait_new_session_ticket;
     else
 	ss->ssl3.hs.ws = wait_change_cipher;
+
+    /* Do the handshake callback for sslv3 here. */
+    if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) {
+	(ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
+    }
+
     return SECSuccess;
 
 loser:
@@ -8509,7 +8523,7 @@ xmit_loser:
     ss->ssl3.hs.ws = idle_handshake;
 
     /* Do the handshake callback for sslv3 here. */
-    if (ss->handshakeCallback != NULL) {
+    if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) {
 	(ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
     }